How can i convert xyz.key and yyz.crt to one xyz.pem

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
I ran this command:
openssl x509 -in -out key.usdzradio.pem

It produced this output:
unable to load certificate
139671713797248:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

those files are already in pem format, if needed just rename its extension as pem.
are you need them to be in a single file?


Yes this for icecaste2

cat /etc/letsencrypt/live/ /etc/letsencrypt/live/stream.example/privkey.pem > /etc/icecast2/bundle.pem

the guide itself includes how to convert automate this by certbot post hook so worth read it yourself


this is why i wanted to convert my crt and key file to pem.
i did all this but did not work
cat > /usr/share/icecast2/icecast.pem

cat /etc/icecast2/icecast.xml|grep ssl

you just catting the key, you need to do the certs too.
cat fullchain.crt privkey.key > bundle.pem

P.S I have to sleep


What port are you serving your encrypted icecast on?

I see an unencrypted one on port 8000. (NB: the certificate will not work if you call the stream using the IP address instead of the domain name)

1 Like

thank you very much

1 Like

Things to know about what you're trying to do:

As another user pointed out, there are a lot of hardware internet radios that don't support TLS, so it's probably best to use http on port whatever for them.

As for port whatever, I'd personally use a reverse proxy and serve the website and the radio on the same port, so you can include the http (port 80) radio on the http website and the https (port 443) radio on the https website. (just omit the scheme, like href="//")

I was listening, why did you stop the music? :smiley:


sorry i tryed to use the domain name instead off the ip so i did have to modify the conf on mixxx

You're already running nginx so this should be a good starting point: stream - Icecast2 running under nginx not able to connect - Stack Overflow

Notice that you don't need to configure TLS for icecast if the only way to access icecast is through nginx.

1 Like

did not work i even installed a centos 7 server with apache to see if the problem is debian openssl problem or not
same story icecast don't work i followed step by step the guide

as you can see 443 is ok 8443 is not ( the firewall is ok as well)

curl -v localhost:443 >/dev/null

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to localhost port 443 (#0)

  • Trying ::1...
  • Connected to localhost (::1) port 443 (#0)

GET / HTTP/1.1
User-Agent: curl/7.29.0
Host: localhost:443
Accept: /

< HTTP/1.1 400 Bad Request
< Date: Wed, 16 Mar 2022 23:43:49 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.27
< Content-Length: 362
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
{ [data not shown]
100 362 100 362 0 0 59854 0 --:--:-- --:--:-- --:--:-- 72400

  • Closing connection 0

]# curl -v localhost:8443 >/dev/null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to localhost port 8443 (#0)

  • Trying ::1...
  • Connection refused
  • Trying
  • Connection refused
  • Failed connect to localhost:8443; Connection refused
  • Closing connection 0
    curl: (7) Failed connect to localhost:8443; Connection refused

It's closed somewhere

~ $ nmap -p 80,443,8000,8443
Starting Nmap 7.92 ( ) at 2022-03-17 00:50 CET
Nmap scan report for (        Host is up (0.18s latency).
rDNS record for
80/tcp   open   http
443/tcp  open   https                                      
8000/tcp open   http-alt
8443/tcp closed https-alt                                  
Nmap done: 1 IP address (1 host up) scanned in 1.15 seconds

Or maybe it's not listening. Try running

sudo ss -tlpn | grep 8443

(But anyhow, you don't need this if you want to use a reverse proxy)

1 Like

yes it's not listening to any thing on port 8443

i dont know how to do that

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.